通信人家园
Title:
How to parse UDP-encapsulated ESP messages with scapy or other tools
Time:
2022-7-12 18:04
Author:
land_litao
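Has anyone used scapy or another tool to parse UDP-encapsulated ESP messages, like the Wireshark message in the image below? I wrote a test program, but what it parses out is different from what Wireshark shows.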
import scapy
from scapy.all import *
from scapy.utils import PcapReader
from Crypto.Cipher import AES

# Read every packet of the capture into memory
packets = rdpcap(r"tcpdump_NTLog_V2_2022_0314_190713_start_1.cap")
sa = SecurityAssociation(ESP,
                         spi=0x8610c449)
# C:\Users\[username]\AppData\Roaming\Wireshark\esp_sa
# "IPv4","192.168.2.72","207.219.233.33","0x8610c449","AES-CBC [RFC3602]","0x0bca0574cba28f949390a552cfbd8605","HMAC-SHA-1-96 [RFC2404]","0x6f8f7a3044fdc68dfa50c70c91bcb306fa6e1952"
# Decrypt the ESP layer of packet 239 with a 12-byte ICV
res = CRYPT_ALGOS['AES-CBC'].decrypt(sa, packets[239][ESP], b'0bca0574cba28f949390a552cfbd8605', icv_size=12)
print(f'res.iv length is {len(res.iv)}')
# Print the first byte of the decrypted data
for i in res.data:
    print(hex(i))
    break
res.show()
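Added example, not part of the original post: a standard-library sketch of how a UDP port 4500 payload is demultiplexed (RFC 3948) and split into ESP fields for the AES-CBC / HMAC-SHA-1-96 pairing named in the quoted esp_sa line, plus how the hex key text from that line maps to raw key bytes. The function names and the sample packet are constructed for illustration; no decryption is performed.

```python
import struct

# Parameters from the esp_sa line quoted in the post
KEY_HEX = "0bca0574cba28f949390a552cfbd8605"  # AES-CBC key, written as hex text
IV_LEN = 16    # AES-CBC IV length (RFC 3602)
ICV_LEN = 12   # HMAC-SHA-1-96 truncated tag length (RFC 2404)
BLOCK = 16     # AES block size

def classify_udp4500(payload: bytes) -> str:
    """RFC 3948 demultiplexing of a UDP port 4500 payload."""
    if payload == b"\xff":
        return "nat-keepalive"
    if payload[:4] == b"\x00" * 4:
        return "ike"   # non-ESP marker precedes an IKE header
    return "esp"       # first four bytes are a non-zero SPI

def split_esp(payload: bytes) -> dict:
    """Split an AES-CBC + HMAC-SHA-1-96 ESP packet into its wire fields."""
    if classify_udp4500(payload) != "esp":
        raise ValueError("not an ESP packet")
    if len(payload) < 8 + IV_LEN + BLOCK + ICV_LEN:
        raise ValueError("truncated ESP packet")
    spi, seq = struct.unpack("!II", payload[:8])
    body = payload[8:-ICV_LEN]
    iv, ciphertext = body[:IV_LEN], body[IV_LEN:]
    if len(ciphertext) % BLOCK:
        raise ValueError("ciphertext is not a multiple of the AES block size")
    return {"spi": spi, "seq": seq, "iv": iv,
            "ciphertext": ciphertext, "icv": payload[-ICV_LEN:]}

def load_key(hex_text: str) -> bytes:
    """Turn the hex text of an esp_sa entry into raw AES key bytes."""
    text = hex_text[2:] if hex_text.startswith("0x") else hex_text
    key = bytes.fromhex(text)
    if len(key) not in (16, 24, 32):
        raise ValueError(f"unexpected AES key length {len(key)}")
    return key

def build_sample() -> bytes:
    # Constructed packet: SPI from the post, seq 1, dummy IV, ciphertext and ICV
    return (struct.pack("!II", 0x8610C449, 1) + bytes(range(16))
            + b"\xaa" * 32 + b"\xbb" * 12)

if __name__ == "__main__":
    print(split_esp(build_sample()))
    # Raw key bytes vs. the ASCII bytes of the same hex text
    print(len(load_key(KEY_HEX)), len(KEY_HEX.encode()))
```

The last line shows that the hex text decodes to a 16-byte AES-128 key, while the ASCII bytes of the same text are 32 bytes long and would be treated as a different, AES-256-sized key.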